Skip to content

G
gitlab-foss

李少辉-开发者 / gitlab-foss

通知 15
Star 0
Fork 0
G
gitlab-foss

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
user.rb 2.1 KB
Newer Older
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
1 2 3 4 
# LDAP extension for User model
#
# * Find or create user from omniauth.auth data
# * Links LDAP account with existing user
D
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets 已提交
5 
# * Auth LDAP user with login and password
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
6 7 8 
#
module Gitlab
  module LDAP
D
Inherit Gitlab::LDAP::User from Gitlab::OAuth::User  
Dmitriy Zaporozhets 已提交
9 
    class User < Gitlab::OAuth::User
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
10 
      class << self
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
11 
        def find_by_uid_and_provider(uid, provider)
J
Fix searching by extern_uid for LDAP to be case-insensitive  
Jakub Jirutka 已提交
12 
          # LDAP distinguished name is case-insensitive
V
Multi-provider auth. LDAP is not reworked  
Valery Sizov 已提交
13 
          identity = ::Identity.
J
Remove special cases for the 'ldap' provider  
Jacob Vosmaer 已提交
14 
            where(provider: provider).
D
No mb_chars needed anymore  
Douwe Maan 已提交
15 
            iwhere(extern_uid: uid).last
V
Multi-provider auth. LDAP is not reworked  
Valery Sizov 已提交
16 
          identity && identity.user
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
17 
        end
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
18 
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
19
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
20 21 22 23 
      def initialize(auth_hash)
        super
        update_user_attributes
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
24
P
Decouple SAML authentication from the default Omniauth logic  
Patricio Cano 已提交
25 26 27 28 
      def save
        super('LDAP')
      end
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
29 30 31 32 
      # instance methods
      def gl_user
        @gl_user ||= find_by_uid_and_provider || find_by_email || build_new_user
      end
J
Test authenticate method for Gitlab::LDAP::User  
Jan-Willem van der Meer 已提交
33
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
34 
      def find_by_uid_and_provider
D
Allow LDAP users to change their email if it was not set by the LDAP server  
Douwe Maan 已提交
35 
        self.class.find_by_uid_and_provider(auth_hash.uid, auth_hash.provider)
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
36 37 38 
      end

      def find_by_email
D
Allow LDAP users to change their email if it was not set by the LDAP server  
Douwe Maan 已提交
39 
        ::User.find_by(email: auth_hash.email.downcase) if auth_hash.has_email?
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
40 41 42 
      end

      def update_user_attributes
D
Allow LDAP users to change their email if it was not set by the LDAP server  
Douwe Maan 已提交
43 44 45 46 
        if persisted?
          # find_or_initialize_by doesn't update `gl_user.identities`, and isn't autosaved.
          identity = gl_user.identities.find { |identity|  identity.provider == auth_hash.provider }
          identity ||= gl_user.identities.build(provider: auth_hash.provider)
D
Improvements to LDAP::User model  
Dmitriy Zaporozhets 已提交
47
D
Allow LDAP users to change their email if it was not set by the LDAP server  
Douwe Maan 已提交
48 49 50 51 52 
          # For a new identity set extern_uid to the LDAP DN
          # For an existing identity with matching email but changed DN, update the DN.
          # For an existing identity with no change in DN, this line changes nothing.
          identity.extern_uid = auth_hash.uid
        end
J
Refactor OAuth refactorings to CE  
Jan-Willem van der Meer 已提交
53 54 55 
      end

      def changed?
D
Improvements to LDAP::User model  
Dmitriy Zaporozhets 已提交
56 
        gl_user.changed? || gl_user.identities.any?(&:changed?)
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
57 
      end
J
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer 已提交
58
D
Add config var to block auto-created LDAP users.  
Douwe Maan 已提交
59 60 
      def block_after_signup?
        ldap_config.block_auto_created_users
J
Use instance methods of LDAP::User as well  
Jan-Willem van der Meer 已提交
61 
      end
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
62
R
Sync email address from specified omniauth provider  
Robin Bobbitt 已提交
63 64 65 66 
      def sync_email_from_provider?
        true
      end
J
Refactor lib files for multiple LDAP groups  
Jan-Willem van der Meer 已提交
67 68 69 
      def allowed?
        Gitlab::LDAP::Access.allowed?(gl_user)
      end
D
Add config var to block auto-created LDAP users.  
Douwe Maan 已提交
70
D
Shuffle config around a bit  
Douwe Maan 已提交
71 72 
      def ldap_config
        Gitlab::LDAP::Config.new(auth_hash.provider)
D
Add config var to block auto-created LDAP users.  
Douwe Maan 已提交
73 
      end
D
Allow configuration of LDAP attributes GitLab will use for the new user account.  
Douwe Maan 已提交
74 75 

      def auth_hash=(auth_hash)
D
Shuffle config around a bit  
Douwe Maan 已提交
76 
        @auth_hash = Gitlab::LDAP::AuthHash.new(auth_hash)
D
Allow configuration of LDAP attributes GitLab will use for the new user account.  
Douwe Maan 已提交
77 
      end
D
Mode User+LDAP functionality from Gitlab::Auth  
Dmitriy Zaporozhets 已提交
78 79 80 
    end
  end
end